OS Mastery Simple OS learning for a global audience Start Here

LAB-SEC-01 - The UFW Firewall

Use UFW to inspect firewall state, allow required access, and apply simple rules without locking yourself out.

SEC Security & Firewalls

The UFW Firewall

Use UFW to inspect firewall state, allow required access, and apply simple rules without locking yourself out.

25 min BEGINNER LINUX
Before this lab
Lab LAB-NET-04 - Ports and Connections
What success looks like
  • Use UFW to inspect firewall state, allow required access, and apply simple rules without locking yourself out.
  • Repeat the workflow without copy-paste or step-by-step prompting.
Safety notes
  • If you are working over SSH, allow the SSH port before enabling UFW and confirm you still have a recovery path.

Part A: The Field Guide

What This Lab Is Really About

This lab teaches the safest beginner habits for host firewalls:

  • inspect current state
  • allow what is truly needed
  • keep administrative access working
  • remove mistakes cleanly

UFW is a good starting point because it keeps the rule language readable.

Command Reference

Common UFW commands

sudo ufw status sudo ufw status numbered sudo ufw allow 22/tcp sudo ufw allow 80/tcp sudo ufw delete 2

Part B: The Drill Deck

Terminal required: if you are on a remote host, be especially careful with SSH access.

G
Guided Step by step - type exactly this and compare the result
>

Exercise G1: Inspect the Current Firewall

  1. Run:
sudo ufw status verbose
  1. Note whether UFW is active or inactive.
  2. If it is already active, read the current rules before changing anything.

Exercise G2: Protect SSH Before Enabling

  1. If you use SSH to reach this system, add the SSH rule first:
sudo ufw allow 22/tcp
  1. Then enable UFW if needed:
sudo ufw enable
  1. Verify the result:
sudo ufw status

Exercise G3: Add One More Needed Port

  1. Add a simple web rule:
sudo ufw allow 80/tcp
  1. Check the firewall again and confirm the rule appears.
S
Solo Task described, hints available - figure it out
>

Exercise S1: Restrict by Source

  1. Add a rule that allows only one source IP to reach a chosen port, for example:
sudo ufw allow from 10.0.0.200 to any port 5432
  1. Read the rule list and confirm what changed.

Exercise S2: Remove a Mistake

  1. List numbered rules:
sudo ufw status numbered
  1. Delete one test rule by its number.
  2. Verify that the remaining rules shifted as expected.
M
Mission Real scenario - no hints, combine multiple skills
>

Mission M1: Rebuild a Minimal Safe Policy

Your task is to describe or perform a minimal safe setup for a host that only needs:

  • SSH administration
  • HTTP on port 80

The workflow should include:

  1. confirming current state
  2. allowing required ports
  3. enabling the firewall
  4. verifying the result

Related exits

Learning

Return to the related lesson if you want the concept explained more deeply.

Open now Troubleshooting

Use problem-first help when this lab maps to a real issue.

Open now Reference

Look up commands, topics, and tasks while you practice.

Open now